From: Ilya Smith
Subject: [RFC PATCH v2 0/2] Randomization of address chosen by mmap.
Date: Thu, 22 Mar 2018 19:36:36 +0300
Message-Id: <1521736598-12812-1-git-send-email-blackzert@gmail.com>

The current implementation doesn't randomize the address returned by mmap.
All the entropy ends with choosing mmap_base_addr at process creation.
After that, mmap builds a very predictable layout of the address space.
This allows ASLR to be bypassed in many cases. This patch randomizes the
address on any mmap call.

---
v2: Changed the way the gap is chosen. Now we don't get all possible
gaps. A random address is generated and used as the tree walking
direction. The tree is walked with backtracking until a suitable gap is
found.
When the gap is found, the address is randomly shifted from the next vma
start.

The vm_unmapped_area_info structure was extended with a new field,
random_shift, which may be used to set an arch-dependent limit on the
shift to the next vma start. In the case of the x86-64 architecture this
shift is 256 pages for 32-bit applications and 0x1000000 pages for 64-bit.

To get the entropy, a pseudo-random generator is used. This is because on
Intel x86-64 processors the RDRAND instruction works very slowly if the
buffer is consumed - after about 10000 iterations.

This feature could be enabled by setting randomize_va_space to 4.

---
Performance:
After applying this patch, a single mmap took about 7% longer according to
the following test:

    before = rdtsc();
    addr = mmap(0, SIZE, PROT_READ | PROT_WRITE,
                MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
    after = rdtsc();
    diff = after - before;
    munmap(addr, SIZE);
    ...
    unsigned long long total = 0;
    for (int i = 0; i < count; ++i) {
        total += one_iteration();
    }
    printf("%llu\n", total);

The time is consumed by the div instruction in the computation of the
address.

make kernel:
echo 2 > /proc/sys/kernel/randomize_va_space
make mrproper && make defconfig && time make
real 11m9.925s
user 10m17.829s
sys 1m4.969s

echo 4 > /proc/sys/kernel/randomize_va_space
make mrproper && make defconfig && time make
real 11m12.806s
user 10m18.305s
sys 1m4.281s

Ilya Smith (2):
  Randomization of address chosen by mmap.
  Architecture defined limit on memory region random shift.

 arch/alpha/kernel/osf_sys.c         |   1 +
 arch/arc/mm/mmap.c                  |   1 +
 arch/arm/mm/mmap.c                  |   2 +
 arch/frv/mm/elf-fdpic.c             |   1 +
 arch/ia64/kernel/sys_ia64.c         |   1 +
 arch/ia64/mm/hugetlbpage.c          |   1 +
 arch/metag/mm/hugetlbpage.c         |   1 +
 arch/mips/mm/mmap.c                 |   1 +
 arch/parisc/kernel/sys_parisc.c     |   2 +
 arch/powerpc/mm/hugetlbpage-radix.c |   1 +
 arch/powerpc/mm/mmap.c              |   2 +
 arch/powerpc/mm/slice.c             |   2 +
 arch/s390/mm/mmap.c                 |   2 +
 arch/sh/mm/mmap.c                   |   2 +
 arch/sparc/kernel/sys_sparc_32.c    |   1 +
 arch/sparc/kernel/sys_sparc_64.c    |   2 +
 arch/sparc/mm/hugetlbpage.c         |   2 +
 arch/tile/mm/hugetlbpage.c          |   2 +
 arch/x86/kernel/sys_x86_64.c        |   4 +
 arch/x86/mm/hugetlbpage.c           |   4 +
 fs/hugetlbfs/inode.c                |   1 +
 include/linux/mm.h                  |  17 ++--
 mm/mmap.c                           | 165 ++++++++++++++++++++++++++++++++++++
 23 files changed, 213 insertions(+), 5 deletions(-)
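
The layout predictability that the cover letter gives as motivation can be measured from user space. The program below is an added example, not part of the original posting or of the patch: it requests several anonymous mappings with no address hint and counts how many land exactly back to back. MAP_LEN, NMAPS, count_adjacent and probe_layout are names and values chosen for this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes MAP_ANONYMOUS under strict -std= */
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#define MAP_LEN (64 * 4096UL)    /* assumed size of each test mapping */
#define NMAPS   16               /* assumed number of mappings to request */

/* Count neighbouring entries of addrs[] that lie exactly len bytes apart,
 * i.e. mappings that were placed back to back in either direction. */
size_t count_adjacent(const uintptr_t *addrs, size_t n, size_t len)
{
    size_t hits = 0;
    for (size_t i = 1; i < n; i++) {
        uintptr_t a = addrs[i - 1], b = addrs[i];
        if ((a > b ? a - b : b - a) == len)
            hits++;
    }
    return hits;
}

/* Request up to n hint-less anonymous mappings; returns how many succeeded. */
size_t probe_layout(uintptr_t *addrs, size_t n, size_t len)
{
    size_t got = 0;
    while (got < n) {
        void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
        if (p == MAP_FAILED)
            break;
        addrs[got++] = (uintptr_t)p;
    }
    return got;
}

int main(void)
{
    uintptr_t addrs[NMAPS];
    size_t n = probe_layout(addrs, NMAPS, MAP_LEN);
    for (size_t i = 0; i < n; i++)
        printf("mmap #%zu -> %#lx\n", i, (unsigned long)addrs[i]);
    printf("%zu of %zu neighbouring pairs are back to back\n",
           count_adjacent(addrs, n, MAP_LEN), n ? n - 1 : 0);
    for (size_t i = 0; i < n; i++)
        munmap((void *)addrs[i], MAP_LEN);
    return 0;
}
```

A count close to the number of pairs means that learning one mapping's address gives the others; comparing runs under different randomize_va_space settings shows what a given kernel actually randomizes.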